DETAILED ACTION

This office action is in response to remarks filed on August 13, 2010. Claims 33-51 and 
53-62 are pending. 

Allowable Subject Matter 

Claims 34, 46, 50 and 55 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the limitations of the 
base claim and any intervening claims and also subject to overcoming 101 rejection as discussed 
below. 

Response to Arguments 

Applicant's arguments filed on August 13, 2010 have been fully considered but they are 
not persuasive because of the following reasons: 

Regarding Claims 33-51 and 53-62 applicants argued that the cited prior arts (CPA) [Alie 
(U. S. Publication No.: 2003/0055738)] Alie does not disclose at least the following claim 
elements recited in claim 33: performing a first, SIM-based authentication of the user's data 
processing terminal in the data processing system at an authentication data processing server, 
said performing the SIM-based authentication comprising operatively associating with the user's 
data processing terminal a first subscriber identity module issued to the data processing 
terminal user; conditioning the authentication of the user's data processing terminal in the data
processing system to a second authentication, said second authentication being based on
identification information provided to the user at the mobile communication terminal through the
mobile communication network using a second subscriber identity module. (Emphases added,
independent claims 44, 48, 53, and 60 containing similar recitations.)

This is not found persuasive. The system of cited prior art teaches mobile transaction 
device that has smart card with encryption keys and calculates response using ID code (a first
subscriber identity module), transaction value and challenge. This personal mobile device
comprises means for receiving information related to a transaction (a first, SIM-based
authentication) and sending a response, a hardware secure module (smart card) with encryption
keys for processing information and calculating the response, an interface for displaying
information and prompting the end user for the identification code (PIN) and means for inputting
the identification code (using a second subscriber identity module) and approving the
transaction (a second authentication). The transaction information includes a challenge value, a
label containing context information and a numerical value. 

Specifically, the present invention consists of a system and method for effecting 
transactions with strong multi-factor end user authentication, using personal mobile devices. 

This system includes the authentication server side processing of the transaction request. 
The authentication server sends the request information to its own Hardware Security Module 
(HSM) to obtain a derived challenge value (a non-predictable number) which is attached to a 
label containing context information as well as a numerical value pertaining to the transaction 
(transaction value, transaction number, or other), so that the transaction is uniquely identified 

This system further consists of the procedure implemented by the personal mobile device
(e.g. a personal digital assistant or a mobile handset), including its own hardware security
module (HSM), to calculate and send back a response (signature). At the personal mobile device,
the elements sent by the server are transferred to and processed by the HSM. If the personal 
mobile device has a direct connection, e.g. through a wireless link, to the server then the transfer 
of all elements is automatic. If it has an indirect connection, for example the information is 
shown on a personal computer display, the user must manually transfer two of the three elements 
(i.e. the challenge and the transactional value) using the personal mobile device input capability. 
The personal mobile device displays the information relating to the transaction, such as the 
value, and prompts the person for a PIN. The HSM uses the PIN, the transaction value, the 
challenge, and encryption keys to calculate a response. The response is sent to the server, 
automatically or manually depending on the type of the connection with the server ([Fig.2-7, and 
0010-0018, 0048-0041, and 0070-0096]). 
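
The challenge-response flow described above, as an added sketch that is not taken from the office action or from Alie. The page names no algorithm, so HMAC-SHA256, the PBKDF2 PIN mixing, the 8-digit response format and every name below are assumptions.

```python
import hashlib
import hmac
import secrets


def _enc(*fields: str) -> bytes:
    # Length-prefix each field so ("12", "3") and ("1", "23") cannot collide.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def pin_bound_key(card_key: bytes, pin: str) -> bytes:
    # Assumption: the PIN is mixed into the smart-card key with PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_key, 10_000)


def compute_response(key: bytes, challenge: str, value: str) -> str:
    # Response covers the challenge and the transaction value, the two
    # elements the user transfers by hand on an indirect connection.
    mac = hmac.new(key, _enc(challenge, value), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"  # short enough to type


class Device:
    """Personal mobile device; card_key stands in for the key held in its HSM."""

    def __init__(self, card_key: bytes):
        self._card_key = card_key

    def respond(self, pin: str, challenge: str, value: str) -> str:
        return compute_response(pin_bound_key(self._card_key, pin), challenge, value)


class AuthServer:
    def __init__(self):
        self._enrolled = {}  # user -> PIN-bound key
        self._pending = {}   # challenge -> (user, label, value)

    def enroll(self, user: str, card_key: bytes, pin: str) -> None:
        self._enrolled[user] = pin_bound_key(card_key, pin)

    def start(self, user: str, label: str, value: str) -> str:
        challenge = secrets.token_hex(4)  # non-predictable number
        self._pending[challenge] = (user, label, value)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        entry = self._pending.pop(challenge, None)  # single use: blocks replay
        if entry is None:
            return False
        user, _label, value = entry
        expected = compute_response(self._enrolled[user], challenge, value)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    card_key = secrets.token_bytes(32)  # constructed sample key
    server, device = AuthServer(), Device(card_key)
    server.enroll("alice", card_key, "4821")
    ch = server.start("alice", "Payment to ACME", "125.00")
    good = device.respond("4821", ch, "125.00")
    out = {"valid": server.verify(ch, good), "replay": server.verify(ch, good)}
    ch = server.start("alice", "Payment to ACME", "125.00")
    out["wrong_value"] = server.verify(ch, device.respond("4821", ch, "1.25"))
    ch = server.start("alice", "Payment to ACME", "125.00")
    out["wrong_pin"] = server.verify(ch, device.respond("0000", ch, "125.00"))
    return out


if __name__ == "__main__":
    print(demo())
```

Because the response is bound to the transaction value and the challenge is consumed on first use, a response captured for one transaction cannot approve a different amount or be submitted twice.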

As a result, cited prior art does implement and teach a system and methods that relate to
authenticating users of data processing systems using SIM based authentication involving an 
exchange of identification data stored on a Subscriber Identity Module. 

Therefore, the examiner asserts that cited prior art does teach or suggest the subject 
matter broadly recited in independent Claims and in subsequent dependent Claims. Accordingly, 
rejections for claims 33, 35-45, 47-49, 51, 53, 54 and 56-62 are respectfully maintained. 

Claim Rejections - 35 USC § 101

1. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

1. Claims 47 and 51 are rejected under 35 USC 101 since the claims are directed to non-
statutory subject matter. Claims 47 and 51 are directed towards a computer readable medium
including code stored thereon which appears to cover both transitory and non-transitory 
embodiments. The specification on paragraph 0053 recites that "a computer readable storage 
media", but no specific definition is provided to define this claimed term. The United States 
Patent and Trademark Office (USPTO) is required to give claims their broadest reasonable 
interpretation consistent with the specification during proceedings before the USPTO. See In re 
Zletz, 893 F.2d 319 (Fed. Cir. 1989) (during patent examination the pending claims must be 
interpreted as broadly as their terms reasonably allow). The broadest reasonable interpretation of 
a claim drawn to a computer readable medium (also called machine readable medium and other 
such variations) typically covers forms of non-transitory tangible media and transitory 
propagating signals per se in view of the ordinary and customary meaning of computer readable 
media, particularly when the specification is silent. See MPEP 2111.01. When the broadest
reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 
35 U.S.C. § 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 
1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter)
and Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C.
§ 101, Aug. 24, 2009; p. 2. 

2. The Examiner suggests that the Applicant add the limitation "non-transitory computer-
readable medium" to the claim(s) in order to properly render the claims in statutory form in view
of their broadest reasonable interpretation in light of the originally filed specification. The
examiner also suggests that the specification be amended to include the term "non-transitory
computer-readable medium" to avoid a potential objection to the specification for a lack of
antecedent basis of the claimed terminology.

2. Claims 60-62 are rejected under 35 U.S.C. 101 because the claimed invention is directed 
to non-statutory subject matter. 

3. Claims 60-62 recite, authentication kit, which is interpreted as software per se, however, 
the claims fail to assert the program recorded on an appropriate computer-readable medium so as 
to be structurally and functionally interrelated to the medium and permit the function of the 
descriptive material to be realized. Since a computer program is merely a set of instructions 
capable of being executed by a computer without a computer-readable medium needed to realize 
the computer program's functionality, it is regarded as nonstatutory functional descriptive 
material. See MPEP 2106.01 for details. 

3. Examiner notes that the use of word kit in the preamble does not inherently mean that the 
claim is directed towards a machine or hardware. At least one claimed within the claim language 
needs to positively indicate that it is a physical part of the apparatus. In the claim language cited 
above elements such as "an authentication kit for authenticating a user's data processing
terminal...", can be considered as software elements because claim language does not disclose a
hardware entity upon which these elements reside on or they themselves being hardware
elements, performing these functions. Therefore claims 60 and 62 are directed towards software
per se and are rejected under 35 U.S.C. 101.



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language.

Claims 33, 35-45, 47-49, 51, 53-54 and 56-62 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Alie (U. S. Publication No.: 2003/0055738). 

1. Regarding Claim 33 Alie teaches and describes a method of authenticating a data
processing terminal of a user for granting the data processing terminal access to selected services
provided by a data processing system, the user being provided with an authenticatable mobile
communication terminal adapted to be used in a mobile communication network [0058-0061],
comprising:

performing a first, SIM-based authentication of the user's data processing terminal in the
data processing system at an authentication data processing server, said performing the SIM- 
based authentication comprising operatively associating with the user's data processing terminal 
a first subscriber identity module issued to the data processing terminal user [0072-0075]; 

having the user's mobile communication terminal authenticated in the mobile 
communication network [0077]; and 

conditioning the authentication of the user's data processing terminal in the data 
processing system to a second authentication, said second authentication being based on 
identification information provided to the user at the mobile communication terminal through the 
mobile communication network using a second subscriber identity module (secret i.e. PIN) 
([0078-0081]). 

2. Regarding Claim 44 Alie teaches and describes a method by which a data processing 
terminal in a data processing system is authenticated in order to be granted access to selected 
services provided by the data processing system [0058-0061], the method comprising: 

interacting with a first user's subscriber identity module (SIM) operatively associated 
with the data processing terminal, and with an authentication data processing server in the data 
processing system, for performing a SIM-based authentication of the user's data processing 
terminal [0072-0075]; 

acquiring personal identification information provided to the user at a user's mobile 
communication terminal for second authentication, wherein the second authentication is through 
a mobile communication network using a second subscriber identity module; and sending said 
personal identification information to the authentication data processing server for completing
the authentication of the data processing terminal (secret i.e. PIN) ([0077-0081]). 

3. Regarding Claim 48 Alie teaches and describes a method by which an authentication data 
processing server authenticates a user's data processing terminal in a data processing system in 
order to grant the data processing terminal access to selected services provided by the data 
processing system [0058-0061], comprising:

receiving a request of authentication of the data processing terminal, the data processing 
terminal having operatively associated therewith a first subscriber identity module; performing a 
SIM-based authentication of the data processing terminal based on data associated with the first
subscriber identity module [0072-0075]; 

providing the user with first personal identification information by exploiting a user's 
mobile communication terminal authenticated in a mobile communication network [0077]; and 

conditioning the authentication of the user's data processing terminal to a prescribed 
correspondence between the first personal identification information provided to the user and 
second personal identification information received from the user's data processing terminal 
through the mobile communication network using a second subscriber identity module in reply 
to the provision of the first personal identification information (secret i.e. PIN) ([0078-0081]). 

4. Regarding Claim 53 Alie teaches and describes in a data processing system, a system for 
authenticating a data processing terminal of a user so as to grant the data processing terminal 
access to selected services provided by the data processing system, the user having an 
authenticatable mobile communication terminal adapted to be used in a mobile communication
network [0058-0061], comprising: 

a first subscriber identity module operatively associatable with the data processing 
terminal; and an authentication data processing server adapted to carry out a first authentication 
step based on the first subscriber identity module [0072-0075]; 

the authentication data processing server being further adapted to carry out a second 
authentication process based on identification information provided to the user at the mobile 
communication terminal through the mobile communication network using a second subscriber 
identity module (secret i.e. PIN) ([0077-0081]). 

5. Regarding Claim 60 Alie teaches and describes an authentication kit for authenticating a 
user's data processing terminal in a data processing system in order to grant the data processing 
terminal access to selected services provided by the data processing system [0058-0061], 
comprising: 

a first subscriber identity module; a computer peripheral device having associated 
therewith the first subscriber identity module and operatively associatable with the user's data 
processing terminal [0072-0075]; and 

a second subscriber identity module operatively associated with a user's mobile 
communication terminal for allowing connection thereof to a mobile communication network 
(secret i.e. PIN) ([0077-0081]). 



6. Regarding Claim 62 Alie teaches and describes an authentication kit for authenticating a
user's data processing terminal in a data processing system in order to grant the data processing
terminal access to selected services provided by the data processing system [0058-0061], 
comprising: 

a first subscriber identity module; a computer peripheral device having associated 
therewith the first subscriber identity module and operatively associatable with the user's data 
processing terminal [0072-0075]; 

a second subscriber identity module operatively associated with a user's mobile 
communication terminal for allowing connection thereof to a mobile communication network; 
and the computer program product of claim 47 or 51 (secret i.e. PIN) ([0077-0081]).

4. Claims 35-43, 45, 47, 49, 51, 54, 56-59 and 61 are rejected applied as above rejecting 
Claims 33, 44, 48, 53, and 60. Furthermore, Alie teaches and describes data dependent 
scrambler, wherein: 

As per Claim 35, comprising having the user entering the second password through the 
data processing terminal ([0010-0018]). 

As per Claim 36, the second password is entered automatically upon receipt of the first 
password at the user's mobile communication terminal ([0070-0076]). 

As per Claim 37, said first password is usable a limited number of times, or one time only 
([0070-0076]). 

As per Claim 38, comprising issuing to the user a second subscriber identity module 
adapted to be used in the user's mobile communication terminal for authentication thereof in the 
mobile communication network ([0010-0018]). 

As per Claim 39, the second subscriber identity module has a fixed, one-to-one
relationship with the first subscriber identity module ([0070-0076]). 

As per Claim 40, the first subscriber identity module is associated with an identifier of 
the second subscriber identity module, or a mobile communication terminal number ([0070- 
0096]). 

As per Claim 41, said identification information is sent to the user's mobile 
communication terminal by way of a short message service message ([0070-0096]). 

As per Claim 42, said first subscriber identity module is of a type adopted in mobile 
communication networks for authenticating mobile communication terminals ([0010-0018]). 

As per Claim 43, said performing the first, SIM-based authentication of the data 
processing terminal comprises having the first subscriber identity module authenticated by an 
authentication server of the data processing system, the authentication server acting substantially 
as an authentication center of a mobile communication network operator ([0070-0096]). 

As per Claim 45, in which the first subscriber identity module is of a type adopted in 
mobile communication networks for authenticating mobile communication terminals ([0010- 
0018]). 

As per Claim 47, a computer-readable medium encoded with a computer program 
product directly loadable into a working memory of a data processing terminal, the computer 
program product comprising software code portion capable of performing, when executed, the 
method according to claim 44 ([0054-0068]). 

As per Claim 49, the first subscriber identity module is of a type adopted in mobile 
communication networks for authenticating mobile communication terminals, the authentication 
data processing server acting substantially as an authentication center of a mobile
communication network operator ([0054-0068]). 

As per Claim 51, a computer-readable medium encoded with a computer program 
product directly loadable into a working memory of an authentication data processing system, 
the computer program product comprising software code portion capable of performing, when 
executed, the method according to claim 48 ([0054-0068]). 

As per Claim 54, the first subscriber identity module is of a type adopted in mobile 
communication networks for authenticating mobile communication terminals ([0010-0018]). 

As per Claim 56, the second subscriber identity module is in a fixed, one-to-one 
relationship with the first subscriber identity module ([0070-0076]). 

As per Claim 57, the second subscriber identity module is associated with an identifier of 
the second subscriber identity module, particularly a mobile communication terminal number 
([0070-0076]). 

As per Claim 58, said first subscriber identity module is associated with a device 
connectable to the computer through a computer peripheral connection port ([0010-0018]). 

As per Claim 59, said mobile communication network is one among a GSM, a GPRS, 
and a UMTS network ([0070-0096]). 

As per Claim 61, the first subscriber identity module is of a type adopted in mobile 
communication networks for authenticating mobile communication terminals ([0010-0018]). 



Application/Control Number: 10/578,087 
Art Unit: 2431 






Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William R. Korzuch can be reached on 571-272-7589. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

October 20, 2010 

/Syed Zia/ 

Primary Examiner, Art Unit 2431



